Update for Microsoft Internet Explorer

Systems Affected

• Internet Explorer versions 6.0 and later

Overview

As previously mentioned in SA04-315A, an attacker may be able to take control of your computer by taking advantage of a vulnerability in Internet Explorer.

Solution

Apply an update

Microsoft has released an update to resolve this problem. Obtain the appropriate update from Windows Update or by using Automatic Updates.

Internet Explorer 6 on Windows XP SP2 is not vulnerable.

Description

There is a vulnerability in the way Internet Explorer processes certain HTML code. By exploiting the vulnerability, an attacker may be able to take control of your computer or cause Internet Explorer to crash.

For more technical information, see TA04-336A.

References

• Windows Security Update for December 2004 - <http://www.microsoft.com/security/bulletins/200412_windows.mspx>
• US-CERT Technical Cyber Security Alert TA04-336A - <http://www.us-cert.gov/cas/techalerts/TA04-336A.html>
• US-CERT Cyber Security Alert SA04-315A - <http://www.us-cert.gov/cas/alerts/SA04-315A.html>
• US-CERT Technical Cyber Security Alert TA04-315A - <http://www.us-cert.gov/cas/techalerts/TA04-315A.html>
• Vulnerability Note VU#842160 - <http://www.kb.cert.org/vuls/id/842160>

Feedback can be directed to US-CERT.

Copyright 2004 Carnegie Mellon University. Terms of use

Revision History

December 1, 2004: Initial release
December 3, 2004: Added information about IE 6 on Windows XP SP2, added references to TA04-336A